Senior Manager, Cyber Security Systems



City: Hamilton

Category: Other

Industry: Education

Employer: McMaster University

Hamilton, ON
 
At McMaster University, our people are our most valuable asset. We strive to attract, develop, and retain talented faculty and staff, and to foster inclusive excellence which values the strengths, perspectives, and contributions of each individual. McMaster’s profile and stature have evolved to one of the Top 70 Universities in the World and we are recognized as Canada’s Most Research Intensive University. McMaster is also recognized as one of the top employers in the Hamilton/Niagara region and has been recognized as one of Canada’s Top Diversity employers in each of 2019, 2020 and 2021.
 
Our University Technology Services team mission is to provide exceptional customer service and a high level of support to the McMaster community. Our goal is to ensure transparency, innovation and accountability in service delivery and support. We stand by and value integrity, mutual respect, collaboration and cooperation in support of the University’s IT Strategic Vision of a connected One IT community. Our Information Security Services team is integral to the institution’s central IT department, to champion the implementation and advancement of the McMaster Information Security portfolio, as well as the McMaster Information Technology (IT) Strategy and campus IT culture.
 
The Senior Manager, Cyber Security Systems and Information Security Officer will report to and work alongside the Director of Information Security on the implementation of the Information Security Road Map, and with input and guidance to lead the resources needed to provide overall planning for and delivery of properly architected IT security services to McMaster users at all stages of the system’s life cycle. This includes managing security architecture planning and oversight related to all new technology solutions, including emerging applications, integrations, and technologies; development and delivery of governance, risk and control policies and processes; the Identity and Access Management Program and enhancements, core to access and authorization to systems across the institution; and providing senior level security expertise to the development and delivery of Information Security Services. The incumbent will lead Information Security Investigations as the Information Security Officer for the Institution.
 
Responsible for:
Contributing to the advancement of the Information Security Services Road Map; Governance, Risk and Control; Security Architecture; Identity and Access Management; Network and Infrastructure Security and Security Services for Researchers, Incident Response activities.
All activities and IT Security strategies that will advance and strengthen the IT Security Culture of the Institution and its IT security Posture.
The execution, management, and oversight of day-to-day activities related to the above functions by a team of Information Security professionals within UTS and across all areas of the institution. Some of these positions will directly report to this position or may indirectly fall within the guidance and direction of this position and the services they oversee, through the implementation of MOUs and SLAs.
The development and technical leadership for projects and initiatives that develop and or arise from the Information Security Road Map relevant to this function.
Lead the Identity and Access Management initiatives and team.
Lead the expansion and enhancement of Governance Risk and Control Services.
Take on the responsibilities as the institution’s primary IT Security Architect.
Deliver on the responsibilities of Information Security Officer, including strategic technical consultation on risks, contracts, privacy and IT Security processes to the UTS department and the broader University community.
Provide leadership and expertise during IT Security Incident Response activities, both internal to the Information Security Services team (ISS team) as well as across campus.
Provide leadership in the development and delivery of the Information Security Plan for Researchers.
Provide leadership on Network and Infrastructure Security planning and delivery.
Provide leadership to the ISS team members, as well as the McMaster IT community.
Provide coverage and oversight during the Director of Information Security Services absences.
 
Responsibilities in the area of IT Security Architecture and Governance, Risk and Control will include a variety of operational activities including infrastructure consultations, contract and purchasing reviews for IT Security risks, IT Security investigations, Privacy Incidents involving technology, Risk Assessments and IT related audits as well as writing confidential reports or findings to applicable senior level institutional leaders and/or oversight groups. 
 
The Senior Manager of Cyber Security Systems will provide day to day leadership, mentorship and coaching and operational oversight of 5 Unifor personnel in the areas of Identity and Access Management, Research and IT Security Services for McMaster Researchers, and Network and Infrastructure Security. The Senior Manager will collaborate broadly across the institution and will provide leadership, mentorship and coaching to McMaster IT community members that do not report directly to this position and are undertaking IT security services related functions under MOUs and SLAs that outline standards and rules of engagement. 
 
In the event of a significant IT security incident, the Senior Manager, Cyber Security Systems will work with, and provide backup to, the Manager, Information Security Operations Service as outlined in the Incident Response Protocol, providing timely expertise and leadership to the campus community and in support of the Director of Information Security Services, as critical incident response activities are undertaken.
 
In the role of Information Security Officer, the Senior Manager works in collaboration with Internal Security Services, Internal Audit, the Privacy Office and the Office of Legal Services, ensuring that the level of IT related security risk is appropriately managed and reported to university and government stakeholders. This role will have a significant level of interaction and leadership with institutional leadership, academic and administrative staff, researchers, institutional IT teams, vendors, external campus partners, IT security professionals across the Higher Education sector, and with the IT Security sector more broadly, both to enhance and strategically advise McMaster’s direction and to contribute in a fulsome way to the continued development and improvement of McMaster’s IT Security posture. The ISO will ensure that broad perspectives are sought, collaborations and partnerships are leveraged and personnel and resources are optimized towards the achievement of the IT Security objectives and outcomes.
 
JOB SPECIFIC ACCOUNTABILITIES
Provides collaboration, leadership and support to the Director of Information Security in the delivery and advancement of the Information Security Services Road Map; Governance, Risk and Control; Security Architecture; Identity and Access Management; Network and Infrastructure Security and Security Services for Researchers that will advance and strengthen the Security Culture of the Institution and Security Posture.
Oversight of day-to-day activities for the above functions by a team of Information Security professionals that undertake the work who either directly report to this role or indirectly under MOUs and SLAs.
The strategy, development and technical leadership for projects and initiatives that develop and or arise from the Information Security Road Map relevant to this function.
Carrying out the Role of Information Security Officer as it relates to IT Security investigations including incident response, Privacy Incidents involving technology, Risk Assessments and IT related audits as well as writing confidential reports or findings to the applicable groups.
The Information Security Officer, in collaboration with Internal Security Services, Internal Audit, the Privacy Office and the Office of Legal Services, ensures that the level of IT related security risk is appropriately managed and reported on to University and government stakeholders.
Leads the interaction and leadership with external teams, vendors, partners, security professionals and across the Higher Education Community to ensure that all perspectives are sought, collaborations and partnerships are leveraged and optimized towards the achievement of objectives and outcomes.
In particular, the Senior Manager is responsible for the ongoing maturing of the IS functions of Information Security Architecture, Identity and Access Management, Network and Infrastructure Security and Security Plans for Researchers in response to the changing security landscape and changes to sector wide Information Security Services from ORION and CanSSOC.
Develops, recommends, assesses, and leads IT security priorities and resource deployment to deliver on the functional areas of responsibility.
Provide technical security leadership and guidance as it relates to Architecture; Governance, Risk and Control, Identity and Access Management; Network and Infrastructure services in consultation to the UTS department and the broader University community as it relates to the maturing and evolving of these security functions and other technology maturity activity, bringing a security Architectural; Governance, Risk and Control and Identity and Access Management perspective to those in other related technical areas.
Ensures the resolution of all security Architectural; Governance, Risk and Control and Identity and Access Management issues, tickets and risks and escalate and engage senior leaders, stakeholders, IT professionals as required prior to key check points and milestones for projects, programs, software, integrations, etc.
Identify and institute security Architecture; Governance, Risk and Controls and Identity and Access Management functional key performance and key risk measures to monitor progress toward security road map and performance goal attainment, tenaciously working to meet or exceed those goals, while deriving satisfaction from the process of goal achievement and continuous improvement.
Ensure that the internal and external stakeholder, colleagues, IT professional, staff, student and faculty perspective is a driving force behind security function decisions and activities in the areas under the responsibility of this role.
Use delegated authority to enforce IT Security Policies and Standards as the Information Security Officer to ensure effective management of Risk in accordance with the Risk Tolerance and Appetite of the Institutional Leadership.
Engage in evidence collection and examination associated with highly confidential investigations in collaboration with other investigation experts at the University.
Follow security Architecture; Governance, Risk and Control; Identity and Access Management function delivery practices that meet both the stakeholders, colleagues, staff, student, faculty, IT professionals' and the University's needs.
Interact with others in a way that gives them confidence in one's intentions and those of the University.
Work collaboratively with others to achieve departmental and institutional goals.
Actively participate as a member of a team to move the team toward the completion of goals.
Perform a range of varied work activities in a variety of structured environments.
Successfully engage in multiple initiatives simultaneously.
Apply and enforce department change control policies and procedures.
Read, understand and contribute to the execution of project plans at all levels of complexity.
Remain current with relevant security Architecture; Governance, Risk and Control; Identity and Access Management; and, Network and Infrastructure Security methodologies, policies, standards, frameworks, and best practices.
 
CORE COMPETENCIES
COMMUNICATING: Exchanges organizational knowledge clearly, frequently, and consistently; communicates plans and decisions necessary for meaningful participation and optimal work by team members, colleagues, stakeholders, other IT professionals and leadership; listens actively, with insight and respect to others' perspectives; perceives and reacts sensitively to others' nonverbal cues; builds relationships and attracts support; gives recognition to groups and individuals who contribute to the University's achievement overall and in particular Information Security goals and objectives.
DEVELOPING PEOPLE: Advocates and enables continuous learning opportunities for all employees; encourages employee involvement in decision making as an integral part of the developmental process; active in self-development; as key expert, remains current with industry trends and best practices in information security Architecture; Governance, Risk and Control; Identity and Access Management; Infrastructure and Network Security and the security needs for the Research Community and all related technologies, processes and approaches to provide proactive services in a timely fashion.
LEADERSHIP: Known for achievement, and recognizes that achievement requires leadership and the participation of others; recruits the right people; engages team members, colleagues, stakeholders, other IT professionals in efforts to achieve the vision of the University; solves problems that arise; evaluates progress towards goals and objectives; negotiates resolutions to conflicts; protects/heals the organization during times of change; integrates stakeholders, colleagues, IT professionals, team members to achieve synergies; promotes and supports a culture of health, safety, well-being and respect and ensures compliance with related policies and legislation to sustain a healthy work environment.
EMBRACING CHANGE: Exhibits a passion for building creativity, innovation, and excellence at the University; works effectively with ambiguity and complex issues, while searching for innovations and improvements to make tomorrow's workplace better than today's; identifies, recommends, and implements new information security service opportunities in the functional areas of responsibilities of this role, as well as opportunities to improve existing information security solutions and processes; continually improves related systems and processes.
OPTIMIZING SERVICE RELATIONSHIPS: Identifies, builds, and manages relationships which are service oriented, and constituent centered; systematically creates positive current and future benefits for the University; builds effective relationships, internally and externally in order to increase effectiveness in conducting assigned duties.
PLANNING: Demonstrates initiative and effective planning and organization skills to meet deadlines and complete quality work; demonstrates understanding of higher education issues and fiscal awareness through course of work and contributes to fiscal responsibility, efficiency, and restraint.
 
TECHNICAL COMPETENCIES:
STRATEGIC FOCUSED DELIVERY: Ability to bring a strategic focus to all aspects of systems and services under the direction of the Director Information Security; Security Architecture; Governance Risk and Control; Identity and Access Management; Network and Infrastructure Security and Security for Researchers delivery, maturity activities and continuous improvement. Able to develop strategic objectives and targets for the above functions and continuous improvement efforts. Ensures strategic alignment with the strategies and strategic objectives of McMaster, Information Security, and the Security Services organization.
NETWORK AND INFRASTRUCTURE TECHNOLOGY AND SECURITY ARCHITECTURE AND TECHNOLOGY: In-depth knowledge of and experience working with Network and Infrastructure experts in the course of Security Architecture and able to lead a team in developing and providing Security Architecture services, advice and guidance for new and existing solutions; new and existing access points to the network and infrastructure and for all stakeholders such as Researchers that will impact the design and operation of Network and Infrastructure technologies. Through Architecture guidance and advice, able to integrate and orchestrate visibility and control of the Network and Infrastructure as it relates to new and existing applications, databases, technologies, and stakeholder compute needs. Expert knowledge of Firewalls, Network level Security Controls for prevention, detection and recovery related to security threats.
TECHNOLOGY COMMUNICATOR: Ability to communicate complex, highly sensitive technology security challenges, associated risks, and provide guidance and advice as to a course of action.
VENDOR AND CONSULTANT MANAGEMENT: In-depth knowledge and experience working with technology vendors and consultants to achieve business outcomes and ensure delivery on time, on budget and meeting delivery expectations.
RISK MANAGEMENT: In-depth knowledge of and ability to apply risk management concepts, frameworks and approaches to information security initiatives and day to day activities with the ability to apply the appropriate level of risk appetite and tolerance to calibrate level of risk and recommend mitigation strategies and approaches.
SERVICE DELIVERY: Ability to ensure the consistent and timely delivery of Identity and Access Management (IAM) Services; Governance, Risk, Control and Architecture Services such as Contract and Technology Reviews SaaS solutions, integrations and maturing of technologies systems and networks. Thorough understanding of NIST, ISO, PCI, FIPPA, PHIPA, CMA, CASL, ITIL, COBIT, TOGAF standards and methodologies to provide leadership day to day and in efforts to mature and evolve Security Architecture, IAM, Governance, Risk and Control tools and processes through collaboration and partnerships.
INFORMATION TECHNOLOGY SECURITY ARCHITECTURE; GOVERNANCE RISK AND CONTROL MANAGEMENT METHODOLOGIES AND FRAMEWORKS: In-depth knowledge of and expertise with Information Security Architecture and Governance, Risk and Control Operations methodologies and frameworks NIST, ISO, ITIL, COBIT, TOGAF.
INFORMATION TECHNOLOGY ARCHITECTURE: Knowledge and ability to apply security Architecture theories, principles, concepts, practices, methodologies and frameworks in the course of providing expert advice and guidance to the leadership of the team of Security Professionals, as independent objective advice to stakeholders and in the maturing security Architecture processes and methodologies.
IT SECURITY INCIDENT RESPONSE: Ability to manage and support the management of an Information Security Incident, in the event of a significant security incident where assistance and back up is required.
INFORMATION TECHNOLOGY PROJECT MANAGEMENT: Knowledge and ability to apply formal project management principles and practices during security operations initiatives such as initiating, planning, executing, controlling, monitoring and closing projects while ensuring effective management of scope, resources, time, cost, quality, risk and communications.
 
Formal Education & Certification
Bachelor's degree, with a preference for a Master’s Degree, and certifications that relate to this area of responsibility or related field or equivalent experience.
Ideal candidates will have at least 8 - 10 years of experience working in a progressive Information Technology security focused environment.
3 to 5 years of progressive experience in an IT management position.
Additional education and/or experience in the higher education sector would be an asset.
Demonstrated technical proficiency in at least two of the core IT disciplines.
Practical ITIL experience would be an asset.
 
 
